Home Cyber Attack Dominos India Admits Data Breach After Hackers Upload Stolen Data For Sale

Dominos India Admits Data Breach After Hackers Upload Stolen Data For Sale

by Abeerah Hashim
dominos india data breach

Another data breach has surfaced online targeting Indian citizens shortly after the Air India breach. The recent report comes from Dominos India that admitted a data breach after the hackers disclosed it. Roughly 180 million order details, together with other data, have appeared on the dark web for sale.

Dominos India Data Breach

Reportedly, Dominos India has sent emails to its customers notifying them of a data breach.

As per the details, Jubilant FoodWorks Limited running the Domino’s India franchise suffered a cyber attack on March 24, 2021.

Upon detecting the incident, the firm acted quickly to contain the attack and secure its systems. Also, their email reads that customers’ financial information remained safe as Domino’s India never store such data.

However, what’s worrisome is that the email didn’t clarify if any other information has suffered an impact during the incident. Nor did they elaborate on the incident details.

Moreover, the company also informed the customers months after the breach happened. That’s what the security researcher Rajshekhar Rajaharia has also pointed out in his tweet.

Nonetheless, the firm has confirmed to continue with investigations whilst involving cybersecurity experts. Also, they assured to have filed complaints with the cybercrime cell.

Data Of 180 Million Put Up For Sale

Domino’s India’s breach alert seemingly downplays the incident that has a far-reached impact on customers.

According to Bleeping Computer, a threat actor already put up a huge database for sale on the dark web back in April 2021. It was a 13TB data which, as claimed, included details of 250 employees, customer details, and precise information related to 180 million orders. This includes customers’ names, addresses, email addresses, phone numbers, GPS locations, and more.

Also, contrary to what Domino’s India claimed in the email, the stolen database included 1 million credit card data.

Besides, the database also includes internal files from 2015 to 2021 along with outlook mail archives.

The sellers have set up a price of 10BTC for this database.

Apart from selling, the same threat actors have set up a public search engine on the dark web for anyone to check for the appearance of personal data in a breach.

Though, anyone attempting to do so should bear in mind that the search engine belongs to the threat actors. Thus, any information entered there, if not impacted earlier, will now surely reach the hackers.

Let us know your thoughts in the comments.

You may also like

Latest Hacking News

Privacy Preference Center


The __cfduid cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis.

cookie_notice_accepted and gdpr[allowed_cookies] are used to identify the choices made from the user regarding cookie consent.

For example, if a visitor is in a coffee shop where there may be several infected machines, but the specific visitor's machine is trusted (for example, because they completed a challenge within your Challenge Passage period), the cookie allows Cloudflare to identify that client and not challenge them again. It does not correspond to any user ID in your web application, and does not store any personally identifiable information.

__cfduid, cookie_notice_accepted, gdpr[allowed_cookies]


DoubleClick by Google refers to the DoubleClick Digital Marketing platform which is a separate division within Google. This is Google’s most advanced advertising tools set, which includes five interconnected platform components.

DoubleClick Campaign Manager: the ad-serving platform, called an Ad Server, that delivers ads to your customers and measures all online advertising, even across screens and channels.

DoubleClick Bid Manager – the programmatic bidding platform for bidding on high-quality ad inventory from more than 47 ad marketplaces including Google Display Network.

DoubleClick Ad Exchange: the world’s largest ad marketplace for purchasing display, video, mobile, Search and even Facebook inventory.

DoubleClick Search: is more powerful than AdWords and used for purchasing search ads across Google, Yahoo, and Bing.

DoubleClick Creative Solutions: for designing, delivering and measuring rich media (video) ads, interactive and expandable ads.



The _ga is asssociated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners.

The _gat global object is used to create and retrieve tracker objects, from which all other methods are invoked. Therefore the methods in this list should be run only off a tracker object created using the _gat global variable. All other methods should be called using the _gaq global object for asynchronous tracking.

_gid works as a user navigates between web pages, they can use the gtag.js tagging library to record information about the page the user has seen (for example, the page's URL) in Google Analytics. The gtag.js tagging library uses HTTP Cookies to "remember" the user's previous interactions with the web pages.

_ga, _gat, _gid